privilegedRoleAssignment: makePermanent

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Make the role assignment as permanent.


The following scopes are required to execute this API: Directory.AccessAsUser.All

The tenant needs to be registered to PIM. Otherwise, HTTP 403 Forbidden error will be returned.

The requestor needs to have Privileged Role Administrator role.

HTTP request

POST /privilegedRoleAssignments/{id}/makePermanent

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
reason string Optional. The reason to make this call.
ticketNumber string Optional. The ticket number that is associated with this action.
ticketSystem string Optional. The ticket system.


If successful, this method returns 200, OK response code and privilegedRoleAssignment object in the response body.


Here is an example of how to call this API.


Here is an example of the request.

Content-type: application/json
Content-length: 110

  "reason": "reason-value",
  "ticketNumber": "ticketNumber-value",
  "ticketSystem": "ticketSystem-value"

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 184

  "id": "id-value",
  "userId": "userId-value",
  "roleId": "roleId-value",
  "isElevated": true,
  "expirationDateTime": "2016-10-19T10:37:00Z",
  "resultMessage": "resultMessage-value"